CVE-2025-13919 Symantec — Exploit & Vulnerability Details MEDIUM

CVE-2025-13919

MEDIUM CVSS 3.1: 4.4 EPSS 0.01%

Parameter	Value
CVSS	4.4 (MEDIUM)
Affected Versions	before 14.3
Type	CWE-427 (Uncontrolled Search Path Element)
Vendor	Symantec
Public PoC	No

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-427 Uncontrolled Search Path Element

References 1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/co…

secure@symantec.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3991

Symantec

7.8

CVE-2025-13918

Symantec

6.7

CVE-2025-0893

Symantec

7.8

Menu

CVE-2025-13919

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-3991

CVE-2025-13918

CVE-2025-0893

CVE Details

Editor's Choice

Menu

CVE-2025-13919

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-3991

CVE-2025-13918

CVE-2025-0893

CVE Details

Editor's Choice

Stay informed on cybersecurity